SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Addict isuru's Avatar
    Join Date
    Nov 2000
    Posts
    206
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have heard the term "md5 hash" used before when reading about php. What is it, why is it useful and how do you use it?

  2. #2
    SitePoint Evangelist
    Join Date
    Jul 2000
    Location
    Warwickshire, England
    Posts
    557
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    MD5 is a message digest. It is often used to create "signatures" and is often used for password checking. E.g. you would ask the user for a pwd, store the md5 hash. To verify the password at a later date, you would compare the stored md5 hash with the md5 of the password the user entered. This way dont have to actually store the password and it is fairly difficult to recover passwords from md5 as it is "one way"; the only way is bruteforcing.

  3. #3
    SitePoint Wizard
    Join Date
    Apr 2000
    Posts
    1,483
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In PHP to generate the MD5 hash of something use this:
    Code:
    $text = "hello";
    $md5text = md5($text);
    I use it on my site for password encrypting - there is no way (or at least no easy way) to decrypt that back into the original text.

  4. #4
    SitePoint Member
    Join Date
    Dec 2000
    Location
    Poland
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, the "irreversible" coding is actually a coding which while reversed produces multiple answers from one code. It means that all answers are equivalent and you can't know which one is the original one. But it makes this coding weaker against a brute force attack than a reversible coding.

    The simplest example of such coding is to xor all bits of the password into one bit. It is irreversible, but probably nobody wants to use it as a password coding, because the brute force attack can be restricted to only two passwords - one which produces the code bit 0 and one which produces the code bit 1. See, that a password length doesn't matter.

    Also a very well-chosen password can have the same signature that a common word, which, in turn, can make a password system vulnerable to a simple attack using a dictionary.

    Chris
    PS. The MD5 is quite long for bruteforcing.

  5. #5
    SitePoint Evangelist
    Join Date
    Jul 2000
    Location
    Warwickshire, England
    Posts
    557
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by asdn

    PS. The MD5 is quite long for bruteforcing.
    I wouldn't really say so..
    MD5 is MD4 with improved bit-hashing, an extra round, and better avalanche effect.
    This basically means true, it needs a little more computation, but it is far from being difficult. I know people who (granted they have Quad Xeon machines) can bruteforce MD4 (as used by Winnt) in a matter of minutes, so even md5 should not be that hard

    - Performance (throughput, so MD4 is faster than MD5 etc)..
    Code:
    MD4    MD5     SHA-1   RIPEMD   RIPEMD-128 RIPEMD-160
    20.9   14.2    6.1     10.3     8.0        5.0


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •